No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - IP Routing 01

This is NE40E V800R010C10SPC500 Configuration Guide - IP Routing
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring IPSec Authentication for RIPng

Configuring IPSec Authentication for RIPng

By default, IP security (IPSec) authentication is not configured. Configuring authentication is recommended to ensure system security.

Applicable Environment

As networks develop rapidly, network security has become a major concern. If IPSec authentication is configured on a RIPng network, the sent and received RIPng packets will be authenticated, and those cannot pass authentication will be discarded. This can improve the security of the RIPng network.

There are two methods of configuring IPSec authentication for RIPng:
  • One method is to configure IPSec authentication in RIPng processes. If IPSec authentication is enabled in a RIPng process, this configuration takes effect on all interfaces in this RIPng process. This method is recommended if IPSec authentication needs to be applied to all interfaces in a RIPng process.

  • The other method is to configure IPSec authentication on RIPng interfaces. This method is recommended if IPSec authentication needs to be applied only to some interfaces in a RIPng process.

Pre-configuration Tasks

Before configuring IPSec authentication for RIPng, complete the following tasks:

Configuration Procedure

You can choose one or more configuration tasks (excluding "Checking the Configuration") as required.

Configuring IPsec Authentication for a RIPng Process

Configuring IP security (IPsec) authentication in the RIPng view is one of the methods used to configure IPsec authentication for RIPng.

Context

After IPsec authentication is configured in the RIPng view, all interfaces in this RIPng process perform IPsec authentication on RIPng packets received and to be sent.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ripng [ process-id ]

    The RIPng view is displayed.

  3. Run ipsec sa sa-name

    IPsec authentication is enabled, and the name of a security association (SA) is specified.

  4. Run commit

    The configuration is committed.

Configuring IPSec Authentication on a RIPng Interface

Configuring IP security (IPSec) authentication in the interface view is the other method used to configure IPSec authentication for RIPng.

Context

An SA configured on an RIPng interface is used to authenticate the packets sent and received by the interface.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ripng ipsec sa sa-name

    IPSec authentication is enabled on the interface, and the name of an SA is specified.

    NOTE:

    The ripng ipsec sa command takes precedence over the ipsec sa command. If both commands are run in respective views and different SA names are specified, only the configuration of the ripng ipsec sa command takes effect.

  4. Run commit

    The configuration is committed.

Verifying the Configuration of IPsec Authentication for RIPng

After IP security (IPsec) authentication for RIPng is configured, you can check the security association (SA) used in IPSec authentication and statistics on the RIPng packets that failed authentication.

Prerequisites

After IPsec authentication is enabled in a RIPng process or on a RIPng interface, the configuration takes effect immediately. There is no need to restart the RIPng process.

Procedure

  • Run the display ripng process-id interface [ interface-type interface-number ] [ verbose ] command to check the SA used in IPsec authentication.
  • Run the display ripng process-id statistics interface { all | interface-type interface-number [ verbose | neighbor neighbor-ipv6-address ] } command to check the number of RIPng packets that failed authentication.

Example

Run the display ripng interface command, and you can view the name of an SA used in IPsec authentication on a RIPng interface.

<HUAWEI> display ripng 1 interface GigabitEthernet1/0/0 verbose
 GigabitEthernet1/0/0
    FE80::A0A:200:1
    State : UP, Protocol : RIPNG, MTU : 1440
    Metricin       : 0
    Metricout      : 1
    Default Route : Disabled
    Poison Reverse : Disabled
    Split Horizon : Enabled           
    Authentication : IPSEC (SA - sa1) 

Run the display ripng statistics interface command, and you can view the number of RIPng packets that failed authentication.

<HUAWEI> display ripng 1 statistics interface gigabitethernet 1/0/0
GigabitEthernet1/0/0(FE80::2E0:64FF:FE10:8142)
Statistical information          Last min     Last 5 min    Total
------------------------------------------------------------------
Periodic updates sent            5              23             259
Triggered updates sent           5              30             408
Response packet sent            10              34             434
Response packet received        15              38             467
Response packet ignored          0               0               0
Request packet sent              1               3               8
Request packet received          4              20              40
Request packet ignored           0               0               0
Bad packets received             0               0               0
Routes received                  0               0               0
Routes sent                      0               0               0
Bad routes received              0               0               0
Packet send failed               0               0               0
Packet IPSEC6 Auth failed        0               0               2
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055018

Views: 54468

Downloads: 209

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next